Conventionally, message authentication is used to detect substitution of message data by a third party while the data is communicated via a communications network. In typical message authentication, a transmitter transmits message data together with an authenticator that is generated by compressing a feature of the message data and encrypting it; a receiver receives all the data from the transmitter and uses the received authenticator to detect substitution, that is, to determine whether the received message data was really sent by the transmitter.
For instance, as shown in FIG. 9, a transmitter applies a hash function, which is a one-way function, to the message data to be sent (consisting of DATA A and DATA B), to thereby generate a hash value 101; the hash value 101 is then encrypted to generate an authenticator (message authenticator) 103. Here, the message data is divided into DATA A and DATA B, each of which can be contained in a packet. The transmitter further generates packets (communications packets). In each packet, DATA A, DATA B, or the authenticator 103 generated as explained above is accompanied by an individual header and footer complying with a communications protocol. The transmitter then serially transmits the packets to the receiver. In FIG. 9, the authenticator is contained in only a single packet; however, when the data volume of the authenticator becomes large, the authenticator is divided and included in multiple packets.
By contrast, after receiving all the data (in this example, DATA A, DATA B, and the authenticator) from the transmitter, the receiver applies the hash function to the message data, which is formed by combining DATA A and DATA B, to generate a hash value 105. The receiver further decrypts the received authenticator 103 to generate a hash value 109, and then compares the two hash values 105, 109.
When the two hash values 105, 109 are equal, the received message data (DATA A and DATA B) is determined not to have been substituted while being communicated; namely, the received message data is determined to have really been sent by the transmitter. By contrast, when the two hash values 105, 109 are unequal, the received message data (DATA A and DATA B) is determined to have been substituted while being communicated; namely, the received message data is determined not to have been sent by the transmitter. In that case, a request for retransmission is sent to the transmitter. The transmitter then transmits the message data and authenticator again.
Thus, in typical message authentication, the transmitter transmits the message data and authenticator; after receiving both the message data and authenticator, the receiver detects substitution by determining whether the same authenticator can be generated from the received message data.
Here, the above-mentioned method for generating the message authenticator is described, for instance, in JP-A-2001-318600. Further, a procedure for the message authentication was retrieved from a Web page on Oct. 20, 2003.
In the above conventional method, substitution detection cannot be executed until the receiver has received all the data. This results in a long substitution detection period, that is, the period from when the communications data is substituted until the substitution is detected.
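The following is an added example, not code from this document or from the cited reference, that models the conventional flow of FIG. 9 and makes the detection delay visible: the receiver's verdict is only available after the last packet. It assumes a shared key and a simple (kind, payload) packet tuple, and it uses HMAC-SHA256 in place of the "hash, then encrypt the hash value" step described above.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # assumption: transmitter and receiver share this key


def make_packets(message, chunk):
    """Transmitter: split the message into data packets, then append the authenticator."""
    data = [("DATA", message[i:i + chunk]) for i in range(0, len(message), chunk)]
    # HMAC-SHA256 stands in for hashing the message and encrypting the hash value.
    tag = hmac.new(KEY, message, hashlib.sha256).digest()
    return data + [("AUTH", tag)]


def receive(packets):
    """Receiver: return (accepted, packets consumed before a verdict was possible)."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    consumed = 0
    for kind, payload in packets:
        consumed += 1
        if kind == "DATA":
            mac.update(payload)  # data is accumulated; nothing can be decided yet
        else:
            # Only now can the recomputed value be compared with the received one.
            return hmac.compare_digest(mac.digest(), payload), consumed
    return False, consumed  # authenticator never arrived: reject


def substitute(packets, index, payload):
    """Constructed in-transit substitution of one data packet (test input only)."""
    out = list(packets)
    out[index] = ("DATA", payload)
    return out


if __name__ == "__main__":
    sent = make_packets(b"DATA A..DATA B..", 8)  # constructed sample message
    print(receive(sent))
    # The first packet is substituted, yet the verdict still needs every packet.
    print(receive(substitute(sent, 0, b"DATA X..")))
```

Even when the very first packet is the one substituted, the receiver consumes all packets before it can reject the message, which is the long detection period described above.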